3 Essential Password Security Tips to Keep Data Breaches at Bay

Written by Heather Mueller on May 9, 2019


Looking for a strong password your employees can use to secure company data and documents? Try ssAGj$953vy7&2bi. That’s what one popular password generator recommends.

Or you could use N*@2AhR!1tJJeW8$. Several password checkers suggest this would be a difficult one to crack.

Of course, there’s a reason this type of password complexity makes so many employees want to scream in frustration. Such a complicated string of numbers, symbols and letters would be impossible to remember—especially when security experts recommend using a different one for each app, account, and online tool.

Instead, most workers continue to use (and reuse) weak passwords that are familiar, comfortable, and easy to remember:

  • Even though 91% of people understand that using the same password for multiple accounts is a security risk, 59% “mostly or always” use the same password
  • Half of enterprise employees reuse passwords for work-related accounts

That’s not all. An estimated 85% of enterprises allow employees to access data from personal devices, causing even more concerns over data leakage.

Clearly, things need to change.

Many companies are implementing single sign-on, web form protections, and other security measures. But for these initiatives to work, an organization must first address the much more pressing matter of password strength.

Thankfully, it’s becoming easier than ever to help employees get comfortable with password complexity.

3 Essentials for Password Strength in the Workplace

1. Make employee education a priority

This may sound like an obvious measure to take, but a somewhat surprising number of employees still lack the training necessary to achieve data and document security.

In a recent study, nearly half of surveyed IT specialists indicated their employees have accidentally put sensitive data at risk as many as 10 times in the past year. The vast majority of employees, however, said they’ve never intentionally broken company security policies—and attributed breaches to high-pressure work environments with poor training.

No wonder the biggest cybersecurity risk to US businesses is employee negligence. When workers aren’t equipped with the password knowledge and tools they need, cybercriminals have an easy target.

In addition to safe device use and online practices, employees should be educated on the critical importance of password strength and company policies for managing password complexity.

2. Adjust your password requirements

Has your company gotten into the habit of adjusting default security settings for the online tools your teams use? If not, now’s the time to start. This one step can go a long way in helping employees pick stronger passwords.

For example: When setting up Formstack, administrators can require users to select passwords that meet a predetermined length and mix of alpha and numeric characters. They can also set safeguards to prevent employees from reusing existing passwords.

This is especially important for accounts that need to meet PCI compliance standards for secure credit card transactions—a common scenario for companies that collect payments through online forms. In these instances, you’ll need to take steps to ensure your company is meeting the minimum requirements for online form security. Form password requirements for PCI compliance include:

  • A minimum password length of seven characters
  • Both alpha and numeric characters
  • Session timeouts after 15 minutes
  • Password changes every 90 days
  • Unique passwords that are different from the last four used
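
The requirements listed above can be expressed as a small policy check. This is an added example, not Formstack's code or part of the original article; the function names, the PBKDF2 work factor, and the choice to keep password history as salted hashes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 7                           # minimum password length
MAX_AGE = timedelta(days=90)             # password change interval
HISTORY_DEPTH = 4                        # must differ from the last four used
SESSION_TIMEOUT = timedelta(minutes=15)  # idle session limit
PBKDF2_ROUNDS = 100_000                  # assumption: work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest) so history is compared without storing plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, record):
    """Constant-time comparison of a candidate against one stored record."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_new_password(candidate, history):
    """history: list of (salt, digest), newest last. Returns the violations found."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    has_alpha = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if not (has_alpha and has_digit):
        problems.append("needs letters and digits")
    if any(matches(candidate, rec) for rec in history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems


def password_expired(last_changed, now):
    """True once the password is 90 days old or older."""
    return now - last_changed >= MAX_AGE


def session_expired(last_activity, now):
    """True once the session has been idle for 15 minutes or longer."""
    return now - last_activity >= SESSION_TIMEOUT
```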

3. Give them a break

Despite your best efforts, employees WILL resist. It takes time to stop and create new passwords, and keep track of the ones you already have. This time-consuming process can be highly frustrating for the worker whose day is already overflowing with to-dos.

Even the National Institute of Standards and Technology (NIST) advises against several longstanding best practices, such as routine password changes and password complexity requirements, for this very reason.

Fact is, there’s far too much friction when it comes to password security. The more you can ease this pain, the better. This is the reason so many organizations are adopting technology such as single sign-on login, which gives employees access to all apps and data after entering credentials just once, and password managers, which generate and securely store strong passwords on behalf of employees.

Whatever steps you decide to take, don’t delay: More than four dozen companies have already been impacted by security breaches since January of this year—many of them involving highly sensitive credit card information. If you want to avoid a similar fate, the strength of your employees’ passwords is essential.

Did you know? Formstack’s online form builder has attained Payment Card Industry Data Security Standard (PCI DSS) compliance. This move means even greater security for your online forms and the data you collect.